Yes. Yes it is.
Let me explain.
Is spam a problem? Well, I’ll get to that in a minute. But the government certainly thinks so, as back in December of 2010 it passed what has been come to called the CASL, or Canada’s Anti-Spam Law. The full title of the law is really quite something, and I think it even needs its own blockquote:
An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act
Whew, that’s a mouthful. We’ll just call it the CASL. The CASL, in its original form, was perhaps the harshest anti-spam law anywhere. As I’ve never written about this before, here’s a quick rundown of some of the highlights of what it does:
- You need to have “prior consent” to send someone a Commercial Electronic Message (“CEM”). These CEMs include not just emails, but text messages, Facebook messages, and the like. A CEM is a message that offers “commercial activity”, and that commercial activity doesn’t even have to have profit as its goal.
- Your CEM must include all sorts of information about the sender, and have an opt-out option.
- Organizations can be fined up to $10 million per violation, and individuals up to $1 million. Yikes!
Those are the basics of what it does. The law is also about preventing people from installing nefarious computer programs on people’s computers (i.e. malware or spyware), but let’s just ignore that for now. The key to those points above is the “prior consent” business. Basically, you need to have asked for permission to send someone a CEM, though there are ways that the consent can be implied. Compare this prior consent requirement to the American CAN-SPAM Act, which only requires some opt-out mechanism.
So the law received royal assent back in 2010, but it is still not in force. The law was held back while Industry Canada and the CRTC published regulations to clarify the stuff in the CASL. Industry Canada published some regulations first, and asked for comments. Then the CRTC published theirs. Then, earlier this month, Industry Canada presented their revised regulations based on those first comments. Ahh, lawmaking. Takes a while.
Reaction to the newest regulations has been mixed. Michael Geist wrote earlier this week that the new regulations water down the CASL by providing too many exceptions from the express consent requirement. He’s right. Barry Sookman has been looking at the regulations in a series of posts this week, and his position is that the new exceptions in the regulations were needed. He claims that the CASL’s “ban all” approach was limiting commercial speech. He’s right too.
Me? I don’t give a crap. Why? Because the CASL, the entire concept of it, is a joke. Now, finally, I will explain.
What do you think of when you think of spam? You think of emails with the subtle subject lines like “ENLARGE YOUR PENIS NOW” or “CANADIAN DRUGS!!” or “MEET HOT SEXY LOCAL WOMEN TONIGHT!!!” You think of spam as the type of email I screencapped for you at the top of this post. I guarantee you that every single Canadian thinks of these types of emails as spam. That’s the spam that’s taking over the internet. That’s the spam that various estimates put at 70-90% of all email sent.
And the CASL will do absolutely nothing about that type of spam. That’s the joke.
The spam you and I think of as spam most likely did not come from Canada. It came from India, or Russia, or China, or the USA. Even the “CANADIAN DRUGS” one came from somewhere besides Canada. Now, technically, the CASL has some of what we in the law biz call “extra-territorial effects,” meaning that the law should technically apply to people outside of Canada who send spam to Canadians. The CASL says that as long as a Canadian computer is used to “access” the CEM, that’s enough for the CASL to apply. Here’s what the CRTC’s chief compliance and enforcement officer Andrea Rosen said about that:
“If the spammer is offshore, we have the ability under the law to co-operate with foreign governments, to share information and to bring proceedings together against individuals that are offshore”
“Cooperating” and “sharing information” are totally useless and will do nothing about that bank of computers in a warehouse in Vladivostok sending spam. As for the ability “to bring proceedings” to people not in Canada, good fucking luck with that. First, you have to find them. Sure, because spammers on the internet make it easy for you to find them. Then, you have to serve them. Then, you have to get them to a Canadian court. Even if you manage to get a judgment against them, or impose some sort of fine, good luck trying to get that enforced. National laws that have international effects are almost always impossible to enforce. To truly tackle an international legal problem, you need an international law or treaty.
Also, here’s another issue I have with the government’s approach to spam. When was the last time you actually got spam (well, the spam you and I are talking about) in your inbox? Me? I can’t even think of how long it’s been. And I don’t even do anything special. I have at least 5 different email accounts running from 5 different services or hosts. Gmail does an amazing job filtering out all spam. All of my hosting companies do a decent job blocking spam at the server level. Even if something slips through the server, even stupid old Outlook 2007 manages to block what’s left, diverting it to a Junk folder. Technology has, for the most part, triumphed over spam, better than any law ever could.
So here we have a government wasting years of time and effort to tackle a problem that 1. barely exists any more thanks to technology and 2. will do nothing to stem the tide of Lose Weight Now! emails that you ignore (or never see) anyway.
The only people or organizations who will work hard to comply with the CASL are legitimate companies. Sure, the Bells and Krafts of this country have the resources to make sure they comply. But that small start-up company that could be the next Facebook which uses email as their only marketing tool? They’re fucked. And that’s fucked. The stated purpose of the CASL is to “promote the efficiency and adaptability of the Canadian economy”. It will have the opposite effect on that start-up. The real spammers, the guys running bots and banks of computers from their basements, have no interest in complying. Sure, put a law on the books that targets these guys with large penalties. But the onerous nature of the CASL on legitimate businesses is a joke.
And here’s the thing about legitimate Canadian businesses who send CEMs – virtually all of them already have some opt-out mechanism. I’ve used them, and they work just fine thankyouverymuch. It’s good business practice to do so. Legitimate businesses don’t want to piss of their customers or potential customers by spamming them. Legitimate businesses aren’t the ones sending the spam that’s the problem (such as it is), but they’re the ones who will bear the burden of the CASL. That’s a joke.
Lawyers and government regulators are spending weeks and months and now years (mmm, billable hours) debating the intricacies and minutiae of the CASL and the regulations, and advising their clients on how to comply (when the time comes). I am doing it too. But we shouldn’t have to be. True spam can only be stopped by technology, and some international cooperative effort that includes the governments of all the countries who are most responsible. In all our discussion about the details, no one has really asked if the CASL is even a good idea or a joke. I guess until now.
Speaking of jokes, we end with a word from our sponsor: